When Human cognitive modeling meets PINs: User-independent inter-keystroke timing attacks

Liu, Ximing; Li, Yingjiu; Deng, Robert H.; Chang, B. H.; Li, Shujun

doi:10.1016/j.cose.2018.09.003

Cited by 13 publications

(12 citation statements)

References 43 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Examples of Inter-keystroke Timing Sequences (in ms) for PIN Entry Tasks can be a serious threat to users relying on such PINs. For instance, Liu et al [19] proposed a user-independent inter-keystroke timing attack on PINs that performed significantly better than random guessing attacks. The attack methodology relies on an inter-keystroke timing dictionary built from Fitts's Law, which relies on conducting real human user study to derive parameters of this model.…”

Section: Modeling Six-digit Pin Entriesmentioning

confidence: 99%

“…A total of 50 different 6-digit PINs were used in the real human user study conducted by Liu et al [19]. Each PIN was entered using the number pad as illustrated in Figure 5(b).…”

Section: Modeling Pin Entriesmentioning

confidence: 99%

“…The <trial></trial> is set to be 50, and a <callback> function is used to link external data (i.e., "PINs.csv"file that contains 50 PINs. More information about these PINs can be found in [19]). This dataset is also made available to the descriptive model as a variable with the ID of "externalPin.…”

Section: Modeling Pin Entriesmentioning

confidence: 99%

“…For the first challenge, let us consider an example of modeling the task of entering a simple six-digit Personal Identification Number (PIN) to help investigate fine-grained issues such as differences between individual six-digit PINs, six-digit PIN groups (weak PIN vs. strong PIN), or inter-keystroke, timing-related cyber attacks [19]. This requires producing up to 10 6 models to cover all possible PINs, as entering each six-digit PIN results in a different interaction workflow.…”

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

CogTool+

Yuan

Rusconi

2021

ACM Trans. Comput.-Hum. Interact.

Self Cite

View full text Add to dashboard Cite

Cognitive modeling tools have been widely used by researchers and practitioners to help design, evaluate, and study computer user interfaces (UIs). Despite their usefulness, large-scale modeling tasks can still be very challenging due to the amount of manual work needed. To address this scalability challenge, we propose CogTool+, a new cognitive modeling software framework developed on top of the well-known software tool CogTool. CogTool+ addresses the scalability problem by supporting the following key features: (1) a higher level of parameterization and automation; (2) algorithmic components; (3) interfaces for using external data; and (4) a clear separation of tasks, which allows programmers and psychologists to define reusable components (e.g., algorithmic modules and behavioral templates) that can be used by UI/UX researchers and designers without the need to understand the low-level implementation details of such components. CogTool+ also supports mixed cognitive models required for many large-scale modeling tasks and provides an offline analyzer of simulation results. In order to show how CogTool+ can reduce the human effort required for large-scale modeling, we illustrate how it works using a pedagogical example, and demonstrate its actual performance by applying it to large-scale modeling tasks of two real-world user-authentication systems.

show abstract

Section: Modeling Six-digit Pin Entriesmentioning

confidence: 99%

“…A total of 50 different 6-digit PINs were used in the real human user study conducted by Liu et al [19]. Each PIN was entered using the number pad as illustrated in Figure 5(b).…”

Section: Modeling Pin Entriesmentioning

confidence: 99%

Section: Modeling Pin Entriesmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

CogTool+

Yuan

Rusconi

2021

ACM Trans. Comput.-Hum. Interact.

Self Cite

View full text Add to dashboard Cite

show abstract

“…To protect this private data from unauthorized access, traditional explicit authentication methods for mobile devices are employed using a password, personal identification number (PIN), face, fingerprint, or secret pattern. Previous work has shown that such solutions provide limited security because of several reasons [2][3][4][5]. Firstly, they make devices vulnerable to guessing, shoulder surfing, smudge, and spoofing attacks.…”

Section: Introductionmentioning

confidence: 99%

Multimodal Continuous User Authentication on Mobile Devices via Interaction Patterns

Zhang

2021

Wireless Communications and Mobile Computing

View full text Add to dashboard Cite

Behavior-based continuous authentication is an increasingly popular methodology that utilizes behavior modeling and sensing for authentication and account access authorization. As an appearing behavioral biometric, user interaction patterns with mobile devices focus on verifying their identity in terms of their features or operating styles while interacting with devices. However, unimodal continuous authentication schemes, which are on the basis of a single source of interaction information, can only deal with a particular action or scenario. Hence, multimodal systems should be taken to suit for various environmental conditions especially in circumstances of attacks. In this paper, we propose a multimodal continuous authentication method both based on static interaction patterns and dynamic interaction patterns with mobile devices. Behavioral biometric features, HMHP, which is combined hand motion (HM) and hold posture (HP), are essentially established upon the touch screen and accelerator and capture the variation model of microhand motions and hold patterns generated in both dynamic and static scenes. By combining the features of HM and HP, the fusion feature HMHP achieves 97% accuracy with a 3.49% equal error rate.

show abstract